Virus Top 20 for March 2008

| Position | Change in position | Name | Proactive Detection Flag | Percentage |
|---|---|---|---|---|
| 1 | No Change 0 | Email-Worm.Win32.NetSky.q | Trojan.generic | 37.39 |
| 2 | Up +9 | Email-Worm.Win32.Mydoom.m | Trojan.generic | 9.75 |
| 3 | Up +1 | Email-Worm.Win32.NetSky.d | Trojan.generic | 7.19 |
| 4 | Up +1 | Trojan-Downloader.Win32.Small.hsl | (downloader) | 6.48 |
| 5 | Up +10 | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 5.99 |
| 6 | Up +2 | Email-Worm.Win32.Scano.gen | Trojan.generic | 5.80 |
| 7 | Down -5 | Email-Worm.Win32.Bagle.gt | Trojan.generic | 4.35 |
| 8 | Down -1 | Email-Worm.Win32.NetSky.aa | Trojan.generic | 4.08 |
| 9 | Up +4 | Email-Worm.Win32.NetSky.y | Trojan.generic | 3.89 |
| 10 | Up +7 | Email-Worm.Win32.Bagle.gen | Trojan.generic | 1.91 |
| 11 | Down -1 | Email-Worm.Win32.Mydoom.l | Worm.P2P.generic | 1.82 |
| 12 | Down -3 | Email-Worm.Win32.NetSky.x | Trojan.generic | 1.45 |
| 13 | Down -10 | Email-Worm.Win32.Nyxem.e | Trojan.generic | 1.37 |
| 14 | Return | Email-Worm.Win32.Doombot.g | Trojan.generic | 1.10 |
| 15 | Up +4 | Email-Worm.Win32.Scano.bn | Trojan.generic | 0.93 |
| 16 | Return | Email-Worm.Win32.NetSky.r | Trojan.generic | 0.88 |
| 17 | Up +3 | Email-Worm.Win32.NetSky.c | Trojan.generic | 0.75 |
| 18 | Return | Email-Worm.Win32.NetSky.t | Trojan.generic | 0.73 |
| 19 | Return | Email-Worm.Win32.Scano.t | Trojan.generic | 0.44 |
| 20 | Return | Email-Worm.Win32.NetSky.b | Trojan.generic | 0.34 |
| | | Other Malicious Programs | | 3.36 |

March 2008 proved to be somewhat atypical in terms of malicious code in mail traffic.

Firstly, there were no new malicious programs in the Top Twenty. Secondly, the new malicious programs which had appeared in the last few months were also absent from the rankings, although there had been no indication that this would happen. And finally, this month’s chart contains an increased number of worms which we’ve been detecting for years.

So: let’s start with the programs that are missing from the rankings. One pleasant absence is that of the Trojan-Downloader Diehard. More than 150 modifications of this program have been detected in the course of the last five months, including five which made it into our rankings. This epidemic indicated that someone was preparing to create an enormous botnet. But now the mailings of Diehard have ceased. Has the botnet been created? The coming month will show us the real state of affairs.

Our old friend, NetSky.q, continues to lead the rankings this month, and Mydoom.m rose a significant nine places to come in second. The last time these two worms were in such close competition with each other was way back in 2004. Even more impressive is the rise of Mytob.t, another of the worms which were so common in 2004-2005, which is up ten places to fifth position.

The only program which could more or less be termed new in the entire Top Twenty is another Trojan-Downloader. Small.hsl appeared a month ago and went straight to fifth place. In March it rose another position, and may climb even higher.

All the representatives of the Zhelatin (Storm Worm) and Warezov families have disappeared from the rankings. Nyxem.e has fallen ten places, and is now in thirteenth place. Worms from the NetSky family have come to fill the void created by the absence of new epidemics, with three of the five programs re-entering the rankings in March belonging to this family.

Overall, March has been the most peaceful month that we’ve seen for a while. However, as always there’s the nagging thought that it may simply be the calm before the storm.

Other malicious programs made up 3.36% of all malicious code found in mail traffic, indicating that a number of other worms and Trojans are currently in active circulation.

The Top Twenty countries which acted as sources of infected emails in March are shown below.

| Position | Change | Country | Percentage |
|---|---|---|---|
| 1 | No Change 0 | USA | 13.16 |
| 2 | Up +2 | China (mainland) | 9.19 |
| 3 | No Change 0 | India | 6.36 |
| 4 | Down -2 | Korea, Republic of | 6.17 |
| 5 | No Change 0 | United Kingdom | 5.44 |
| 6 | No Change 0 | Germany | 4.45 |
| 7 | No Change 0 | Spain | 4.15 |
| 8 | Up +1 | Brazil | 2.88 |
| 9 | Up +2 | France | 2.55 |
| 10 | Up +3 | Italy | 2.53 |
| 11 | Down -1 | Japan | 2.24 |
| 12 | Down -4 | Poland | 2.11 |
| 13 | Up +1 | Russian Federation | 1.88 |
| 14 | Up +2 | Australia | 1.64 |
| 15 | Down -3 | Turkey | 1.59 |
| 16 | Up +4 | United Arab Emirates | 1.37 |
| 17 | No Change 0 | Canada | 1.33 |
| 18 | New | Taiwan | 1.23 |
| 19 | Down -1 | Netherlands | 1.20 |
| 20 | New | Malaysia | 1.18 |
| | | Other countries | 27.35 |

Went up: Email-Worm.Win32.Mydoom.m, Email-Worm.Win32.NetSky.d, Trojan-Downloader.Win32.Small.hsl, Net-Worm.Win32.Mytob.t, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.NetSky.y, Email-Worm.Win32.Bagle.gen, Email-Worm.Win32.Scano.bn, Email-Worm.Win32.NetSky.c

Went down: Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.NetSky.aa, Email-Worm.Win32.Mydoom.l, Email-Worm.Win32.NetSky.x, Email-Worm.Win32.Nyxem.e

Re-entry: Email-Worm.Win32.Doombot.g, Email-Worm.Win32.NetSky.r, Email-Worm.Win32.NetSky.t, Email-Worm.Win32.Scano.t, Email-Worm.Win32.NetSky.b

No change: Email-Worm.Win32.NetSky.q
